Accepting request 943712 from Base:System
- Update systemd-user PAM service again Change the default implementation of pam_setcred() again, previously customized to run the full "auth" PAM stack and only call pam_deny.so which is basically the SUSE default behavior without pam_warn.so. This is considered safer, especially on SLE where a regression was spotted by QA. - move files related to static nodes to udev - Replace S:$n references with SOURCE$n. Makes vim * search work. OBS-URL: https://build.opensuse.org/request/show/943712 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=342
This commit is contained in:
commit
090a28bed5
21
systemd-user
21
systemd-user
@ -2,18 +2,19 @@
|
|||||||
#
|
#
|
||||||
# Used by systemd --user instances.
|
# Used by systemd --user instances.
|
||||||
|
|
||||||
# This is not about authentication per se (user@.service is a system
|
# Override the default behavior of the "auth" PAM stack and don't throw a
|
||||||
# service anyway) but to give the possibility to user services
|
# warning each time a user instance is started, which is the default behavior of
|
||||||
# (especially those like gnome-terminal, see [1]) to have theirs
|
# the PAM stack when no auth is defined. Indeed PID1 calls pam_setcred() when
|
||||||
# credentials extended similar to the ones received by a user when he
|
# the user instance is about to be started to allow some user services, such as
|
||||||
# logs in (and the full PAM authentication stack is run). See [2] and
|
# gnome-terminal, to extend theirs credentials similar to the ones received by a
|
||||||
# [3] for details.
|
# user when he logs in (and the full PAM authentication stack is run). For some
|
||||||
|
# details, see:
|
||||||
#
|
#
|
||||||
# [1] https://gitlab.gnome.org/GNOME/gdm/-/issues/393
|
# https://gitlab.gnome.org/GNOME/gdm/-/issues/393
|
||||||
# [2] https://github.com/systemd/systemd/issues/11198
|
# https://github.com/systemd/systemd/issues/11198
|
||||||
# [3] https://bugzilla.suse.com/show_bug.cgi?id=1190515
|
# https://bugzilla.suse.com/show_bug.cgi?id=1190515
|
||||||
#
|
#
|
||||||
auth include common-auth
|
auth required pam_deny.so
|
||||||
|
|
||||||
account include common-account
|
account include common-account
|
||||||
|
|
||||||
|
@ -1,3 +1,25 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jan 4 08:23:19 UTC 2022 - Franck Bui <fbui@suse.com>
|
||||||
|
|
||||||
|
- Update systemd-user PAM service again
|
||||||
|
|
||||||
|
Change the default implementation of pam_setcred() again, previously
|
||||||
|
customized to run the full "auth" PAM stack and only call pam_deny.so which is
|
||||||
|
basically the SUSE default behavior without pam_warn.so.
|
||||||
|
|
||||||
|
This is considered safer, especially on SLE where a regression was spotted by
|
||||||
|
QA.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Dec 7 12:05:55 UTC 2021 - Ludwig Nussel <lnussel@suse.de>
|
||||||
|
|
||||||
|
- move files related to static nodes to udev
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Nov 24 10:40:01 UTC 2021 - Ludwig Nussel <lnussel@suse.com>
|
||||||
|
|
||||||
|
- Replace S:$n references with SOURCE$n. Makes vim * search work.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Nov 22 08:48:12 UTC 2021 - Franck Bui <fbui@suse.com>
|
Mon Nov 22 08:48:12 UTC 2021 - Franck Bui <fbui@suse.com>
|
||||||
|
|
||||||
@ -281,6 +303,7 @@ Mon Aug 2 12:54:44 UTC 2021 - Franck Bui <fbui@suse.com>
|
|||||||
This includes the following bug fixes:
|
This includes the following bug fixes:
|
||||||
|
|
||||||
- upstream commit 6fb61918ccdd0610b425d5b0e5417751f8f8f783 (bsc#1182870)
|
- upstream commit 6fb61918ccdd0610b425d5b0e5417751f8f8f783 (bsc#1182870)
|
||||||
|
- upstream commit 6fe2a70b9160e35fdeed9d37bd31727c2d46a8b2 (jsc#SLE-17798)
|
||||||
|
|
||||||
- Rebased 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch
|
- Rebased 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch
|
||||||
0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
|
0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
|
||||||
|
20
systemd.spec
20
systemd.spec
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package systemd
|
# spec file for package systemd
|
||||||
#
|
#
|
||||||
# Copyright (c) 2021 SUSE LLC
|
# Copyright (c) 2022 SUSE LLC
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -725,8 +725,8 @@ rm %{buildroot}%{_mandir}/man1/resolvconf.1*
|
|||||||
mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/sysv-convert
|
mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/sysv-convert
|
||||||
mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/migrated
|
mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/migrated
|
||||||
|
|
||||||
install -m0755 -D %{S:3} %{buildroot}/%{_prefix}/lib/systemd/systemd-sysv-convert
|
install -m0755 -D %{SOURCE3} %{buildroot}/%{_prefix}/lib/systemd/systemd-sysv-convert
|
||||||
install -m0755 -D %{S:4} %{buildroot}/%{_prefix}/lib/systemd/systemd-sysv-install
|
install -m0755 -D %{SOURCE4} %{buildroot}/%{_prefix}/lib/systemd/systemd-sysv-install
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
mkdir -p % %{buildroot}%{_sysconfdir}/systemd/network
|
mkdir -p % %{buildroot}%{_sysconfdir}/systemd/network
|
||||||
@ -735,7 +735,7 @@ mkdir -p % %{buildroot}%{_sysconfdir}/systemd/nspawn
|
|||||||
# Package the scripts used to fix all packaging issues. Also drop the
|
# Package the scripts used to fix all packaging issues. Also drop the
|
||||||
# "scripts-{systemd/udev}" prefix which is used because osc doesn't
|
# "scripts-{systemd/udev}" prefix which is used because osc doesn't
|
||||||
# allow directory structure...
|
# allow directory structure...
|
||||||
for s in %{S:100} %{S:101} %{S:102}; do
|
for s in %{SOURCE100} %{SOURCE101} %{SOURCE102}; do
|
||||||
install -m0755 -D $s %{buildroot}%{_prefix}/lib/systemd/scripts/${s#*/scripts-systemd-}
|
install -m0755 -D $s %{buildroot}%{_prefix}/lib/systemd/scripts/${s#*/scripts-systemd-}
|
||||||
done
|
done
|
||||||
|
|
||||||
@ -759,7 +759,7 @@ rm -rf %{buildroot}/etc/systemd/system/*.target.{requires,wants}
|
|||||||
rm -f %{buildroot}/etc/systemd/system/default.target
|
rm -f %{buildroot}/etc/systemd/system/default.target
|
||||||
|
|
||||||
# Replace upstream systemd-user with the openSUSE one.
|
# Replace upstream systemd-user with the openSUSE one.
|
||||||
install -m0644 -D --target-directory=%{buildroot}%{_pam_vendordir} %{S:2}
|
install -m0644 -D --target-directory=%{buildroot}%{_pam_vendordir} %{SOURCE2}
|
||||||
|
|
||||||
# don't enable wall ask password service, it spams every console (bnc#747783)
|
# don't enable wall ask password service, it spams every console (bnc#747783)
|
||||||
rm %{buildroot}%{_unitdir}/multi-user.target.wants/systemd-ask-password-wall.path
|
rm %{buildroot}%{_unitdir}/multi-user.target.wants/systemd-ask-password-wall.path
|
||||||
@ -824,7 +824,7 @@ mkdir -p %{buildroot}%{_systemd_system_env_generator_dir}
|
|||||||
mkdir -p %{buildroot}%{_systemd_user_env_generator_dir}
|
mkdir -p %{buildroot}%{_systemd_user_env_generator_dir}
|
||||||
|
|
||||||
# ensure after.local wrapper is called
|
# ensure after.local wrapper is called
|
||||||
install -m 644 %{S:11} %{buildroot}%{_unitdir}/
|
install -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/
|
||||||
ln -s ../after-local.service %{buildroot}%{_unitdir}/multi-user.target.wants/
|
ln -s ../after-local.service %{buildroot}%{_unitdir}/multi-user.target.wants/
|
||||||
|
|
||||||
# ghost directories with default permissions.
|
# ghost directories with default permissions.
|
||||||
@ -867,7 +867,7 @@ echo 'disable *' >%{buildroot}%{_userpresetdir}/99-default.preset
|
|||||||
# still keep the remaining paths that still don't have a better home
|
# still keep the remaining paths that still don't have a better home
|
||||||
# in suse.conf.
|
# in suse.conf.
|
||||||
rm -f %{buildroot}%{_tmpfilesdir}/{etc,home,legacy,tmp,var}.conf
|
rm -f %{buildroot}%{_tmpfilesdir}/{etc,home,legacy,tmp,var}.conf
|
||||||
install -m 644 %{S:5} %{buildroot}%{_tmpfilesdir}/suse.conf
|
install -m 644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/suse.conf
|
||||||
|
|
||||||
# The content of the files shipped by systemd doesn't match the
|
# The content of the files shipped by systemd doesn't match the
|
||||||
# defaults used by SUSE. Don't ship those files but leave the decision
|
# defaults used by SUSE. Don't ship those files but leave the decision
|
||||||
@ -891,7 +891,7 @@ fi
|
|||||||
|
|
||||||
# kbd-model-map.legacy is used to provide mapping for legacy keymaps,
|
# kbd-model-map.legacy is used to provide mapping for legacy keymaps,
|
||||||
# which may still be used by yast.
|
# which may still be used by yast.
|
||||||
cat %{S:14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map
|
cat %{SOURCE14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map
|
||||||
|
|
||||||
# Don't ship systemd-journald-audit.socket as there's no other way for
|
# Don't ship systemd-journald-audit.socket as there's no other way for
|
||||||
# us to prevent journald from recording audit messages in the journal
|
# us to prevent journald from recording audit messages in the journal
|
||||||
@ -1304,6 +1304,8 @@ fi
|
|||||||
%exclude %{_unitdir}/*.target.wants/systemd-hwdb*.*
|
%exclude %{_unitdir}/*.target.wants/systemd-hwdb*.*
|
||||||
%exclude %{_unitdir}/initrd-udevadm-cleanup-db.service
|
%exclude %{_unitdir}/initrd-udevadm-cleanup-db.service
|
||||||
%exclude %{_unitdir}/kmod-static-nodes.service
|
%exclude %{_unitdir}/kmod-static-nodes.service
|
||||||
|
%exclude %{_unitdir}/sysinit.target.wants/kmod-static-nodes.service
|
||||||
|
%exclude %{_tmpfilesdir}/static-nodes-permissions.conf
|
||||||
%exclude %{_unitdir}/systemd-nspawn@.service
|
%exclude %{_unitdir}/systemd-nspawn@.service
|
||||||
%if %{with machined}
|
%if %{with machined}
|
||||||
%exclude %{_prefix}/lib/systemd/systemd-machined
|
%exclude %{_prefix}/lib/systemd/systemd-machined
|
||||||
@ -1651,6 +1653,8 @@ fi
|
|||||||
%dir %{_unitdir}
|
%dir %{_unitdir}
|
||||||
%{_prefix}/lib/systemd/systemd-udevd
|
%{_prefix}/lib/systemd/systemd-udevd
|
||||||
%{_unitdir}/kmod-static-nodes.service
|
%{_unitdir}/kmod-static-nodes.service
|
||||||
|
%{_unitdir}/sysinit.target.wants/kmod-static-nodes.service
|
||||||
|
%{_tmpfilesdir}/static-nodes-permissions.conf
|
||||||
%{_unitdir}/systemd-udev*.service
|
%{_unitdir}/systemd-udev*.service
|
||||||
%{_unitdir}/systemd-udevd*.socket
|
%{_unitdir}/systemd-udevd*.socket
|
||||||
%{_unitdir}/systemd-hwdb*.*
|
%{_unitdir}/systemd-hwdb*.*
|
||||||
|
Loading…
Reference in New Issue
Block a user